Privacy Policy
Last updated: 2026-04-22
This policy explains how ks-giftcode ("we", "the service") collects, uses, and protects personal data. It is written to satisfy our obligations under the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act / CPRA (CCPA).
1. Who we are
ks-giftcode is a community-run automation tool for the Kingshot mobile game. It accepts player-supplied Kingshot fid identifiers and redeems publicly announced gift codes on behalf of those players. The service is operated from the project's hosting provider (Vercel) and a managed Postgres database.
Questions about this policy can be sent to privacy@ks-giftcode.invalid.
2. Data we collect
| Category | Source | Examples |
|---|---|---|
| Player identifier | Registration form | 10-digit Kingshot fid |
| Player profile | Kingshot /api/player response | nickname, kingdom, avatarText |
| Redemption outcomes | Kingshot redeem API | Status, timestamps, retry counters |
| Admin identity | Environment configuration | ADMIN_EMAIL, admin session cookie |
| Technical telemetry | Server logs, error captures | Request method, path, masked IP |
| Analytics (opt-in) | First-party PostHog bootstrap | $pageview, tab navigation events |
We do not knowingly collect data from children. The Kingshot terms of service require players to be age-appropriate for their jurisdiction.
3. Legal bases (GDPR Art. 6)
- Contract / legitimate interest: processing a player's
fidto
redeem codes they have asked us to redeem.
- Consent: analytics tracking (PostHog) runs only after the visitor
accepts the on-page consent banner.
- Legal obligation / legitimate interest: security logs necessary to
detect abuse of the service.
4. Retention schedule
See data-retention-policy.md for the authoritative, per-model table. In plain language:
- Player registrations and redemption outcomes are retained for as
long as the event is active, plus a reasonable period for ticketing and audit purposes. We do not run an automatic purge on these rows. You may request erasure at any time via DSAR — see §6 (Your rights).
- Operational telemetry is time-boxed by an automated runner
(npm run privacy:retention). The current windows are:
| Data | Retention |
|---|---|
Error logs (ErrorLog) | 90 days |
Worker sync summaries (SyncRun) | 180 days |
| Redemption attempt rows | 180 days |
| Kingshot redemption feed (upstream) | 365 days |
- Admin sessions are held in a signed
admin_sessioncookie for
7 days and are re-issued on login.
- Analytics (collected only after consent) live for 90 days in
PostHog, subject to that vendor's own policy.
5. Third-party processors
- Vercel Inc. — hosting, edge routing, request logs.
- Supabase / Postgres hosting provider — primary database.
- Sentry (Functional Software Inc.) — error tracking and
diagnostics (loaded only after explicit consent on the client side; server-side error reports contain no PII thanks to the existing scrubbing pipeline). Sentry receives stack traces, breadcrumbs (console, DOM, fetch), and the release identifier. Data is used solely for debugging and improving service reliability.
- PostHog Inc. — product analytics (loaded only after explicit
consent).
- Kingshot LLC / Century Games — upstream API that resolves player
profiles and redeems gift codes. When a player's profile includes an avatar image URL, that image is loaded directly from Century Games' content delivery network (CDN). Your browser connects to the CDN when the image is rendered; this may reveal your IP address to Century Games. Avatar images are never stored by this service.
6. Your rights
Under GDPR and CCPA you have the right to:
1. Access — request a copy of the data we hold about you. 2. Rectify — request correction of inaccurate data. 3. Erase / delete — request deletion of your data. 4. Portability — receive your data in a machine-readable format. 5. Object / restrict — object to processing or ask us to restrict it.
To exercise these rights, email privacy@ks-giftcode.invalid with your Kingshot fid. Authorised operators use the admin endpoints /api/admin/privacy/export and /api/admin/privacy/delete to service requests within 30 days.
7. Cookies & tracking
Only two cookies are set:
| Cookie | Purpose | Lifetime |
|---|---|---|
admin_session | Authenticates the admin dashboard | 7 days |
ks_consent | Records your analytics consent | 180 days |
PostHog's own cookies are created only when you accept the consent banner. You can withdraw consent at any time by clearing ks_consent or clicking Reject in the banner after a fresh visit.
8. Changes
We post updates to this policy in the project repository under docs/privacy-policy.md. Material changes will be announced in the release notes for the affected version.